From 19a29ba848ac66fedbbb7059df09f93675e48a26 Mon Sep 17 00:00:00 2001
From: Urban Müller
Date: Fri, 16 Feb 2024 16:00:45 +0100
Subject: with EDC(text), no need to mark using html the values in T(), they
are guaranteed safe. fixes validation when values inserted into non-html
places like href=
---
auto_prepend.php | 2 +-
it_text.class | 10 ++++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/auto_prepend.php b/auto_prepend.php
index d961a7b..2becb66 100644
--- a/auto_prepend.php
+++ b/auto_prepend.php
@@ -74,7 +74,7 @@ function T($label, $language = null, $values = null)
if (is_array($language)) # Need to swap params?
list($language, $values) = array($values, $language);
- return $GLOBALS['it_text']->etext($label, array_map(array("it_html", "Q"), (array)$values), $language);
+ return $GLOBALS['it_text']->etext($label, array_map(array("it_html", "Q"), (array)$values), $language, false);
}
/**
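Review bot: The new trailing `false` on the `etext()` call is a bare positional boolean whose meaning (suppress the debug_texts marking of inserted values) can only be discovered by reading `it_text::etext()` and `transmogrify()`; name it at the call site, e.g. `$allowmarking = false; # values may land in attributes such as href=, so no debug markup` and pass `$allowmarking` instead of the literal. The commit message says the values are guaranteed safe because they go through `it_html::Q` first; if that is what `Q` does, a one-line comment on the `array_map(...)` stating that `etext()` receives already-escaped values would make the reasoning survive the next edit. Only the tail of `T()` is in this hunk; its signature and the parameter swap above are outside it.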
diff --git a/it_text.class b/it_text.class
index 04291df..e08fff0 100644
--- a/it_text.class
+++ b/it_text.class
@@ -162,9 +162,9 @@ function text($label, $language = null)
/**
* INTERNAL function for ET(): Return translated text with values replaced
*/
-function etext($label, $values = null, $language = null)
+function etext($label, $values = null, $language = null, $allowmarking = true)
{
- return self::transmogrify($this->text($label, $language), $values, $label, $this->allowedfuncs);
+ return self::transmogrify($this->text($label, $language), $values, $label, $this->allowedfuncs, $allowmarking);
}
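Review bot: The docblock above `etext()` (`INTERNAL function for ET(): Return translated text with values replaced`) is not updated for the new `$allowmarking` parameter, so nothing records what `true`/`false` mean or that the default keeps ET()'s previous behaviour. Add a line such as `* @param bool $allowmarking  false suppresses the debug_texts marking of inserted values (T() passes false because its values may end up in non-HTML places such as href=)`. The same omission applies to `transmogrify()`'s docblock in the next hunk of it_text.class, which gains the same parameter.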
@@ -223,8 +223,10 @@ function set($label, $text = null, $language = null)
* Replaces variables of the form {obj.var} with value from $values, e.g. {user.name}, or result of a func, e.g. {LU(//www/terms)}
* NOTE: Invalid object names or non-existing variables are simply deleted.
*/
-static function transmogrify($text, $values = null, $label = null, $allowedfuncs = null)
+static function transmogrify($text, $values = null, $label = null, $allowedfuncs = null, $allowmarking = true)
{
+# EDC('u', $allowmarking, $text);
+
foreach (preg_split('#{([^}]*)}#', $text, -1, PREG_SPLIT_DELIM_CAPTURE) as $i => $part)
{
if ($i % 2) # odd offsets are delimiters, i.e. braces to be replaced
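Review bot: The added `# EDC('u', $allowmarking, $text);` at the top of `transmogrify()` is a commented-out debug call committed into the function body, together with an extra blank line; it should be removed rather than left as dead code. If it is intended as a tracing hook to re-enable later, the minimum is a comment saying so and when to turn it on, but the usual practice is to keep such calls out of the committed code. `transmogrify()` continues past the end of this hunk; the loop body and the `$result` accumulation are outside it.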
@@ -242,7 +244,7 @@ static function transmogrify($text, $values = null, $label = null, $allowedfuncs
else
$value = (list($func, $arg) = it::match('^([\w:]+)\((.*)\)$', $part)) && isset($allowedfuncs[$func]) ? $func($arg) : "{" . $part . "}";
- $result .= $GLOBALS['debug_texts'] ? "$value" : $value;
+ $result .= $GLOBALS['debug_texts'] && $allowmarking ? "$value" : $value;
}
else
$result .= $part;
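Review bot: As rendered here, both branches of the changed ternary yield the same string (`"$value"` and `$value`), so the new `$allowmarking` test has no visible effect; most likely the debug marking around `$value` contained HTML tags that were stripped when this patch was rendered, and that should be confirmed against the repository before merging. Precedence is correct (`&&` binds tighter than `?:`), but parentheses would make it explicit and cheap to read: `$result .= ($GLOBALS['debug_texts'] && $allowmarking) ? "$value" : $value;`. Worth a comment on that line as well: `$allowmarking` only suppresses the debug markup, it does not escape `$value`; going by the commit message, escaping is the caller's job (T() does it via `it_html::Q` before calling `etext()`). The enclosing `foreach` and `transmogrify()` both start and end outside this hunk.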
--
cgit v1.2.3